class RuboCop::Cop::GitlabSecurity::DeepMunge
Checks for disabling the deep munge security control.
Disabling this security setting can leave the application open to unsafe query generation.
@example
  # bad
  config.action_dispatch.perform_deep_munge = false
See CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
Constants
- MSG
Public Instance Methods
on_send(node)
  # File lib/rubocop/cop/gitlab-security/deep_munge.rb, line 22
  def on_send(node)
    return unless disable_deep_munge?(node)
    add_offense(node, location: :selector)
  end
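An added example, not part of the gitlab-security code base: a standard-library approximation of the check described above, using Ripper so it runs without RuboCop and ignores commented-out lines. The helper names and the sample config are constructed for illustration, and matching the assignment on any receiver is an assumption rather than the cop's own pattern.

```ruby
require "ripper"

SETTING = "perform_deep_munge"

# True for an [:assign, target, value] node shaped like
# `<receiver>.perform_deep_munge = false` (any receiver: an assumption).
def disables_deep_munge?(node)
  _, target, value = node
  return false unless target.is_a?(Array) && target[0] == :field
  return false unless target[3].is_a?(Array) && target[3][1] == SETTING
  value.is_a?(Array) && value[0] == :var_ref &&
    value[1].is_a?(Array) && value[1][0] == :@kw && value[1][1] == "false"
end

# Walks the Ripper s-expression and records the line of each offending assignment.
def collect_offenses(node, hits)
  return hits unless node.is_a?(Array)
  # target[3] is [:@ident, name, [line, column]]
  hits << node[1][3][2][0] if node[0] == :assign && disables_deep_munge?(node)
  node.each { |child| collect_offenses(child, hits) }
  hits
end

# Returns the 1-based line numbers where deep munge is switched off.
# Unparsable source yields an empty list (Ripper.sexp returns nil).
def deep_munge_disabled_lines(source)
  sexp = Ripper.sexp(source)
  sexp ? collect_offenses(sexp, []) : []
end

# Constructed sample config: only line 4 should be reported.
SAMPLE_CONFIG = <<~RUBY
  Rails.application.configure do
    # config.action_dispatch.perform_deep_munge = false
    config.action_dispatch.perform_deep_munge = true
    config.action_dispatch.perform_deep_munge = false
  end
RUBY

puts deep_munge_disabled_lines(SAMPLE_CONFIG).inspect
```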